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DETAILED ACTION 

1 . This action is responsive to: amendment filed on 1 1 February 2008 with an original 
application filed on 20 November 2003 with acknowledgement of the benefit of a foreign 
application filed 10 March 2003. 

2. Claims 1-8 are pending; claims 1 and 8 are independent claims. The Objection to the 
Specification is removed due to amendment. 

Response to Arguments 

3. Applicant's arguments filed 1 1 February 2008 have been fully considered however they 

are not persuasive. 

I) In response to Applicant's argument on page 5, "The Office Action rejects claims 1-8 
under 35 U.S.C. § 112, second paragraph, as being indefinite". 

The Examiner has withdrawn the 112 rejection but notes using the broadest reasonable 
interpretation (since no further clarification is offered by Applicant), the entity is interpreted to 
be equivalent to the client system. Applicant is reminded although the claims are interpreted in 
light of the specification limitations from the specification are not placed into the claims. 

II) In response to Applicant's argument beginning on page 10, "Nowhere in this section, or 
in any other section of Bhagavatula, is there a teaching of a client system transmitting a request 
of authentication of the product to a server system ". 

The Examiner disagrees with argument. Bhagavatulat teaches requesting authentication 
of a product in col. 8, lines 20-25. Note the 'product' is interpreted equivalent to 'data requested 
by the user'. Applicant is also reminded although an attempt is made to cite the column and line 
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numbers the entire reference must be considered. As for a 'server system' col. 8, line 27 teaches 
a server system. 

III) In response to Applicant's argument beginning on page 1 1 , "Bhagavatula fails to teach 
certifying that the product originates from the entity using sensitive information of the entity 
stored on the server system ". 

The Examiner disagrees with argument. Bhagavatula teaches the above limitation in 
col. 7, line 57 through col. 8, line 25. Note the sensitive information is equivalent to user name 
or ID, a secret password, a dynamically changing password, a PIN, answers to security 
questions, biometric data, etc.... which are taught in the Bhagavatula reference. 

IV) In response to Applicant's argument beginning on page 12, "Bhagavatula fails to teach 
returning a representation of the certification to the client system ". 

The Examiner disagrees with argument. Bhagavatula teaches the above limitation in 
col. 8, lines 54-67. Note the 'representation of the certification' is interpreted equivalent to the 
data selection page which is returned to the user. 

V) In response to Applicant's argument beginning on page 13, "Claims 4-7 are dependent 
on independent claim 1 and, thus, these claims distinguish over Bhagavatula for ... Moreover, 
Graves does not provide for the deficiencies of Bhag 

The Examiner disagrees with argument. There are no deficiencies in Bhag. 

VI) In response to Applicant's argument beginning on page 14, "The Office Action alleges 
that Graves teaches where the step of certifying that the product originates from an entity using 
sensitive information of the entity stored on the server system includes automatically retrieving a 
private key of the entity stored on the server system ". 
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The Examiner disagrees with argument. Grave teaches the above limitation on pages 5-6, 
paragraphs 0050, 0052-0053 and 0058. Note in paragraph 0050, Graves teaches that the keys are 
stored on a separate server. Graves teaches that the PTA and authentication services can be 
integrated [0050] in addition the browser retrieves the appropriate key. As well as in paragraph 
0059 that an automatically triggered cUent script can be used to eliminate the need to click 
through the intermediate pages. Applicant is also reminded although an attempt is made to cite 
the column and line numbers the entire reference must be considered. 

VII) In response to Applicant's argument on page 16, "Bhagavatula and Graves, taken alone 
or in combination, do not teach or suggest the client system invoking a remote command on the 

server system " 

The Examiner disagrees with argument. Grave teaches the above limitation on page 6, 
paragraph 0053. Note the remote conmiand is interpreted equivalent to private key and digital 

signature now available by selecting the account. 

VIII) In response to Applicant's argimient beginning on page 16, 'Bhagavatula and Graves, 
taken alone or in combination, do not teach ...as argued with respect to claim 1 ... Applicants 
respectfully submit that one of ordinary skill in the art would not confuse Grave 's generation of 
authentication challenge for a buyer to that authenticates whether a user is authorized to the 
payment instrument with the presently claimed generating a digital signature of the product that 
certifies that the product originates from an entity" 

The Examiner disagrees with argument for multiple reasons. First, Bhagavatula teaches 
the limitations as argued with respect to claim 1 as shown above. Second, as shown in the Office 
Action Graves teach the limitation of generating a digital signature as stated in paragraph 0050, 
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0052, and 0053. As known and repeated by Applicant Grave's invention is utilized to 
authenticate a user for a payment instrument. This teaching does not take away the teachings of 
Graves automatically generating a digital signature by selection of account also see paragraph 
0059. 

Claim Rejections - 35 USC §102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 
122(b), by another filed in the United States before the invention by the applicant for 
patent or (2) a patent granted on an application for patent by another filed in the United 
States before the invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the effects for 
purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was pubhshed under Article 
21(2) of such treaty in the English language. 

5. Claims 1-3, are rejected mder 35 U.S.C. 102(e) as being anticipated by Bhagavatula et 
al. U.S. Patent No. 7,140,036 (hereinafter '036). 

As to independent claim 1, "A method of authenticating a digitally encoded product 
being originated by an entity having at least one authorized subject, the method including 
the steps of: a client system transmitting a request of authentication of the product to a 
server system" is taught in '036 col. 8, lines 20-25; 

"and returning a representation of the certification to the client system" is shown in 
'036 col. 8, lines 54-67; 
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"the server system verifying whether the request is received from an authorized 
subject, and responsive to a positive verification: certifying that the product originates 
from the entify using sensitive information of the entity stored on the server system" is 
disclosed in '036 col. 7, line 57 through col. 8, line 25. 

As to dependent claim 2, "wherein the step of verifying whether the request is 
received from an authorized subject includes: comparing an address of the client system 
with an indication of authorized addresses stored on the server system" is taught in '036 
col. 5, lines 5-14. 

As to dependent claim 3, "wherein the step of verifying whether the request is 
received from an authorized subject includes: comparing an identifier of a user logged on 
the client system with an indication of authorized users stored on the server system" is 
shown in '036 col. 8, lines 2-1 0. 

Claim Rejections - 35 USC §103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would have 
been obvious at the time the invention was made to a person having ordinary skill in the art 
to which said subject matter pertains. Patentability shall not be negatived by the manner in 
which the invention was made. 

7. Claims 4-8, are rejected under 35 U.S.C. 103(a) as being unpatentable over Bhagavatula 
et al. U.S. Patent No. 7,140,036 (hereinafter '036) in view of Graves et al. U.S. Patent 
Application Publication No. 2004/0177047 (hereinafter '047). 
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As to dependent claim 4, the following is not taught in '036: "wherein the step of 
certifying includes: automatically retrieving a private key of the entity stored on the server 
system, and digitally signing the product using the private key" however '047 teaches that 
the PTA and private keys may be hosted in a number of locations such as a separate server, and 
that the authentication process is carried out without human participation (i.e. automatically), and 
furthermore that the private key is used to create the digital signature on pages 5-6, paragraphs 
0050 and 0052-0053. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
of a centralized identity authentication for electronic communication network taught in '036 to 
include a means to utilize private keys for authentication. One of ordinary skill in the art would 
have been motivated to perform such a modification because there is a need for buyer 
authentication in online purchases see '047 (page 2, paragraph 01 1) "Thus, there is a need for 
substantial buyer authentication in online commerce transactions. There is further a need for an 
approach to buyer authentication which is also flexible enough to easily adapt to varying levels 
of security for different applications and also to the adoption of new technologies. The approach 
preferably also does not impose significant burdens on or require extensive modification of the 
existing transaction processing infrastructure". 

As to dependent claim 5, "wherein the step of automatically retrieving the private 

key includes: calling a signing command passing a password for accessing the private key 

as a parameter" is taught in '047 page 6, paragraph 0053. 

As to dependent claim 6, "wherein the step of automatically retrieving the private 

key includes: calling a signing command with an option causing the import of the private 
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key from a private configuration memory area of the server system" is shown in '047 pages 

5-6, paragraphs 0050 and 0052-0053. 

As to dependent claim 7, "further including the steps of: the client system invoking a 
remote command on the server system, the server system verifying whether the remote 
command is included in a predefined list stored on the server system, the list including at 
least one remote command for satisfying the request of authentication, and the server 
system executing the remote command if included in the list" is disclosed in '047 pages 5-6, 
paragraphs 0050 and 0052-0053. 

As to independent claim 8, "A method of authenticating a software product being 
originated by an entity having at least one authorized subject, the method including the 
steps of: a client system transmitting a request of authentication of the product to a server 
system" is taught in '036 col. 8, line 20-31; 

"the server system verifying whether the request is received from an authorized 
subject, and responsive to a positive verification:" is disclosed in '036 col. 7, line 57 through 
col. 8, line 25; 

the following is not taught in '036: 

"generating a digital signature of the product using a private key of the entity stored 
on the server system" however '047 teaches that the PTA and private keys may be hosted in a 
number of locations such as a separate server, and that the authentication process is carried out 
without human participation (i.e. automatically), and fiirthermore that the private key is used to 
create the digital signature on pages 5-6, paragraphs 0050 and 0052-0053; 
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"and returning the digital signature to the client system, wherein the digital 
signature certifies that the product originates from the entity" however '47 teaches that a 
digital record of the transaction can by shown with the digital signatures on page 6, paragraph 
0056. 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
of a centralized identity authentication for electronic communication network taught in '036 to 
include a means to utilize private keys for authentication. One of ordinary skill in the art would 
have been motivated to perform such a modification because there is a need for buyer 
authentication in online purchases see '047 (page 2, paragraph 01 1) "Thus, there is a need for 
substantial buyer authentication in online commerce transactions. There is further a need for an 
approach to buyer authentication which is also flexible enough to easily adapt to varying levels 
of security for different applications and also to the adoption of new technologies. The approach 
preferably also does not impose significant burdens on or require extensive modification of the 
existing transaction processing infrastructure". 

Conclusion 

THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the 
extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS fi-om the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
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will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

8 . It is noted, PATENTS ARE RELEVANT AS PRIOR ART FOR ALL THEY CONTAIN 
"The use of patents as references is not limited to what the patentees describe as their own 
inventions or to the problems with which they are concerned. They are part of the literature of 
the art, relevant for all they contain." In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039 
(Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275, 277 (CCPA 

1 968)). A reference may be relied upon for all that it would have reasonably suggested to one 
having ordinary skill the art, including nonpreferred embodiments (see MPEP 2123). 

9. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 

(571) 272-3842. The examiner can normally be reached from 7:30 am to 4:00 pm. If attempts 
to reach the examiner by telephone are unsuccessfiil, the examiner's supervisor, Kambiz Zand 
can be reached on (571) 272-38 1 1 . The fax phone number for the organization where this 
application or proceeding is assigned is (571) 273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
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system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



/ELLEN IRAN/ 

Primary Examiner, Art Unit 2134 

7 September 2008 



